squeeze-page-builder
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through its input processing workflow.
- Ingestion points: The skill ingests untrusted user data via the lead_magnet and affiliate_product fields defined in the SKILL.md input schema.
- Boundary markers: The instructions do not include requirements for the agent to utilize boundary markers or ignore instructions potentially embedded in user-supplied data.
- Capability inventory: The skill has the capability to generate and write executable HTML and JavaScript files based on these inputs.
- Sanitization: There is an absence of explicit instructions to sanitize or validate user input before it is interpolated into the generated code templates, creating a potential for injection in the resulting landing page.
Audit Metadata